supabase-functions

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill imports external runtime packages that will be fetched and executed by Deno (e.g., npm:stripe@14, jsr:@supabase/supabase-js@2, jsr:@supabase/functions-js/edge-runtime.d.ts), and those imports are required dependencies that execute remote code at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes an explicit Stripe integration: it imports the Stripe SDK, references STRIPE_SECRET_KEY and STRIPE_WEBHOOK_SECRET, and shows a webhook handler for checkout.session.completed. That is a specific payment gateway integration (Stripe) rather than a generic tool, and it provides the credentials and code paths to interact with payment events/APIs—i.e., direct financial execution capability.